Setting GRE Tunnel over IPSec VPN Cisco – GNS3 Lab22

R1 plays the untrusted transit network between the two sites: the tunnel runs between R2 (10.10.10.1) and R3 (20.20.20.1), and only the PC1/PC2 LAN traffic is carried through it.

  • R1 FastEthernet 0/0 : 10.10.10.2
  • R1 FastEthernet 0/1 : 20.20.20.2
  • R2 FastEthernet 0/0 : 10.10.10.1
  • R2 FastEthernet 0/1 : 192.168.10.1
  • R2 Tunnel 1 : 172.1.1.1
  • R3 FastEthernet 0/0 : 20.20.20.1
  • R3 FastEthernet 0/1 : 192.168.20.1
  • R3 Tunnel 1 : 172.1.1.2
  • PC1 : 192.168.10.2
  • PC2 : 192.168.20.2
  • Encryption : aes 256 for IKE (phase 1); the ESP transform set below uses esp-aes, which on IOS is AES-128 unless a key size is written
  • Hash: sha-hmac

Setting IP address

  • R1
R1# configure terminal
R1(config)# interface fastEthernet 0/0
R1(config-if)# ip address 10.10.10.2 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit

R1(config)# interface fastEthernet 0/1
R1(config-if)# ip address 20.20.20.2 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
  • R2
R2# configure terminal
R2(config)# interface fastEthernet 0/0
R2(config-if)# ip address 10.10.10.1 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit

R2(config)# interface fastEthernet 0/1
R2(config-if)# ip address 192.168.10.1 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit
  • R3
R3# configure terminal
R3(config)# interface fastEthernet 0/0
R3(config-if)# ip address 20.20.20.1 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# exit

R3(config)# interface fastEthernet 0/1
R3(config-if)# ip address 192.168.20.1 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# exit

Setting EIGRP

EIGRP 1 runs only on the transit links, so that R2 and R3 can reach each other's tunnel source address through R1; the LAN prefixes are deliberately not advertised here, they are routed through the tunnel later. No auto-summary is not set, so the routing tables further down show the classful summaries 10.0.0.0/8 and 20.0.0.0/8 instead of the /24s. That is harmless in this lab but should be fixed in a real deployment.

  • R1
R1# configure terminal
R1(config)# router eigrp 1
R1(config-router)# network 10.10.10.0
R1(config-router)# network 20.20.20.0
  • R2
R2# configure terminal
R2(config)# router eigrp 1
R2(config-router)# network 10.10.10.0
  • R3
R3# configure terminal
R3(config)# router eigrp 1
R3(config-router)# network 20.20.20.0

Setting GRE Tunnel

  • R2
R2# configure terminal
R2(config)# interface tunnel 1
R2(config-if)# ip address 172.1.1.1 255.255.255.0
R2(config-if)# tunnel source fastEthernet 0/0
R2(config-if)# tunnel destination 20.20.20.1
R2(config-if)# exit
  • R3
R3# configure terminal
R3(config)# interface tunnel 1
R3(config-if)# ip address 172.1.1.2 255.255.255.0
R3(config-if)# tunnel source fastEthernet 0/0
R3(config-if)# tunnel destination 10.10.10.1
R3(config-if)# exit

Enable IPSec Tunnel

tunnel mode ipsec ipv4 is an interface command, so it has to be entered under interface tunnel 1, not at the global (config)# prompt. Be aware of what it does: it turns Tunnel1 from a GRE tunnel into an IPsec virtual tunnel interface (VTI). Packets routed into Tunnel1 are then carried directly in ESP with no GRE header, so what this lab ends up with is strictly an IPsec VTI rather than GRE over IPsec. If a real GRE header is required (for example to carry non-IP traffic, which a VTI cannot), skip this step, keep the default tunnel mode gre ip, and rely on tunnel protection alone.

  • R2
R2(config)# interface tunnel 1
R2(config-if)# tunnel mode ipsec ipv4
R2(config-if)# exit
  • R3
R3(config)# interface tunnel 1
R3(config-if)# tunnel mode ipsec ipv4
R3(config-if)# exit

Setting Static Routing

Only the remote LAN prefixes point into the tunnel. The tunnel destination itself (20.20.20.1 from R2, 10.10.10.1 from R3) must keep being reached through the EIGRP route via R1; if it ever resolves through Tunnel1, IOS detects recursive routing (%TUN-5-RECURDOWN) and brings the tunnel down.

  • R2
R2(config)# ip route 192.168.20.0 255.255.255.0 172.1.1.2
  • R3
R3(config)# ip route 192.168.10.0 255.255.255.0 172.1.1.1

Add IKE Policy and ISAKMP Key

The phase 1 policy uses AES-256 with a pre-shared key; the hash is left at the IOS default (SHA-1). group 5 is 1536-bit MODP, which is weak by current standards, so on images that support it prefer group 14 or higher. key 0 stores the pre-shared key in clear text in the running configuration. The same key string must be configured on both peers, each pointing at the other's tunnel source address, and a mismatch here is the most common reason the tunnel never comes up. The transform set for phase 2 is also created in this step; note that esp-aes without a key size is AES-128, so the ESP cipher is weaker than the IKE cipher unless esp-aes 256 is written.

  • R2
R2(config)# crypto isakmp policy 10
R2(config-isakmp)# encryption aes 256
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 5
R2(config-isakmp)# exit

R2(config)# crypto isakmp key 0 sys-ops.id address 20.20.20.1
R2(config)# crypto ipsec transform-set SYSOPSTRANS esp-aes esp-sha-hmac
R2(cfg-crypto-trans)# exit
  • R3
R3(config)# crypto isakmp policy 10
R3(config-isakmp)# encryption aes 256
R3(config-isakmp)# authentication pre-share
R3(config-isakmp)# group 5
R3(config-isakmp)# exit

R3(config)# crypto isakmp key 0 sys-ops.id address 10.10.10.1
R3(config)# crypto ipsec transform-set SYSOPSTRANS esp-aes esp-sha-hmac
R3(cfg-crypto-trans)# exit

Add IPsec Profile and Apply Tunnel Protection

The transform set was already defined above; this step binds it to an IPsec profile and attaches that profile to the tunnel interface. Only once tunnel protection is applied and traffic is routed into Tunnel1 does the IKE negotiation with the peer start.

  • R2
R2(config)# crypto ipsec profile SYSOPS
R2(ipsec-profile)# set transform-set SYSOPSTRANS
R2(ipsec-profile)# exit

R2(config)# interface tunnel 1
R2(config-if)# tunnel protection ipsec profile SYSOPS
  • R3
R3(config)# crypto ipsec profile SYSOPS
R3(ipsec-profile)# set transform-set SYSOPSTRANS
R3(ipsec-profile)# exit

R3(config)# interface tunnel 1
R3(config-if)# tunnel protection ipsec profile SYSOPS
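Before trusting the show output, it is worth checking the two configurations against each other. The following Python script is an added example, not part of the original lab: it parses the R2 and R3 commands from this page (embedded below as constructed strings, prompts included) and flags the points raised above: the clear-text pre-shared key, DH group 5, an ESP cipher (esp-aes, AES-128) weaker than the IKE cipher (aes 256), and the switch from GRE to a VTI. It also catches a mismatched key or transform set between the peers, the usual cause of a tunnel that never comes up. The finding names, the "group 14 or higher" threshold and the hardened variant are the editor's assumptions, not anything the page itself states.

```python
import re
from dataclasses import dataclass, field

# Effective key strength IOS gives each cipher keyword when no key size is
# written: a bare "esp-aes" or "encryption aes" is AES-128.
CIPHER_BITS = {"des": 56, "3des": 112, "aes": 128}
MIN_SAFE_DH_GROUP = 14  # assumption: MODP groups below 2048-bit count as weak
PROMPT = re.compile(r"^[\w-]+(\([\w-]+\))?#\s*")  # strips "R2(config-if)# "


@dataclass
class CryptoConfig:
    ike_bits: int = 0
    ike_group: int = 0
    psk_peers: dict = field(default_factory=dict)       # peer -> (key type, key)
    transform_sets: dict = field(default_factory=dict)  # name -> [tokens]
    tunnel_mode: str = "gre ip"                         # IOS default for a tunnel


def parse_ios(text):
    """Pick the crypto-relevant lines out of a pasted CLI session."""
    cfg = CryptoConfig()
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.match(r"encryption (aes|3des|des)(?: (\d+))?$", line):
            cfg.ike_bits = int(m.group(2)) if m.group(2) else CIPHER_BITS[m.group(1)]
        elif m := re.match(r"group (\d+)$", line):
            cfg.ike_group = int(m.group(1))
        elif m := re.match(r"crypto isakmp key (\d) (\S+) address (\S+)", line):
            cfg.psk_peers[m.group(3)] = (int(m.group(1)), m.group(2))
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            cfg.transform_sets[m.group(1)] = m.group(2).split()
        elif m := re.match(r"tunnel mode (.+)", line):
            cfg.tunnel_mode = m.group(1)
    return cfg


def esp_key_bits(tokens):
    """Key size of the ESP cipher in a transform set ("esp-aes" alone is 128)."""
    for i, tok in enumerate(tokens):
        if tok.startswith("esp-") and tok[4:] in CIPHER_BITS:
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            return int(nxt) if nxt.isdigit() else CIPHER_BITS[tok[4:]]
    return 0


def audit(local, remote, local_addr, remote_addr):
    """Sorted list of finding tags for one peer pair; empty means clean."""
    findings = set()
    lk, rk = local.psk_peers.get(remote_addr), remote.psk_peers.get(local_addr)
    if lk is None or rk is None:
        findings.add("psk-missing")           # one side has no key for the other
    elif lk[0] == 0 and rk[0] == 0 and lk[1] != rk[1]:
        findings.add("psk-mismatch")          # comparable only when both are clear text
    for side in (local, remote):
        if any(ktype == 0 for ktype, _ in side.psk_peers.values()):
            findings.add("psk-cleartext")     # "key 0" keeps the PSK unencrypted
        if side.ike_group < MIN_SAFE_DH_GROUP:
            findings.add("dh-group-weak")
        if side.tunnel_mode.startswith("ipsec"):
            findings.add("vti-not-gre")       # "tunnel mode ipsec ipv4" drops the GRE header
        if any(esp_key_bits(t) < side.ike_bits for t in side.transform_sets.values()):
            findings.add("esp-weaker-than-ike")
    lts = {tuple(t) for t in local.transform_sets.values()}
    rts = {tuple(t) for t in remote.transform_sets.values()}
    if not lts & rts:
        findings.add("transform-mismatch")    # phase 2 cannot agree on a proposal
    if (local.ike_bits, local.ike_group) != (remote.ike_bits, remote.ike_group):
        findings.add("ike-policy-mismatch")
    return sorted(findings)


# Constructed input: the R2/R3 crypto commands from this lab, with prompts.
R2_LAB = """
R2(config-if)# tunnel mode ipsec ipv4
R2(config-isakmp)# encryption aes 256
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 5
R2(config)# crypto isakmp key 0 sys-ops.id address 20.20.20.1
R2(config)# crypto ipsec transform-set SYSOPSTRANS esp-aes esp-sha-hmac
"""
R3_LAB = R2_LAB.replace("R2(", "R3(").replace("address 20.20.20.1", "address 10.10.10.1")

# Hypothetical hardened variant: 2048-bit DH, AES-256 on ESP as well as IKE,
# and the default GRE encapsulation kept (no "tunnel mode ipsec ipv4").
R2_HARDENED = """
R2(config-isakmp)# encryption aes 256
R2(config-isakmp)# group 14
R2(config)# crypto isakmp key 0 sys-ops.id address 20.20.20.1
R2(config)# crypto ipsec transform-set SYSOPSTRANS esp-aes 256 esp-sha-hmac
"""
R3_HARDENED = R2_HARDENED.replace("R2(", "R3(").replace("address 20.20.20.1", "address 10.10.10.1")


def audit_lab():
    return audit(parse_ios(R2_LAB), parse_ios(R3_LAB), "10.10.10.1", "20.20.20.1")


def audit_hardened():
    return audit(parse_ios(R2_HARDENED), parse_ios(R3_HARDENED), "10.10.10.1", "20.20.20.1")


if __name__ == "__main__":
    print("lab:     ", audit_lab())
    print("hardened:", audit_hardened())
```

Run against the lab commands it reports dh-group-weak, esp-weaker-than-ike, psk-cleartext and vti-not-gre; the hardened variant only leaves psk-cleartext, because a key 0 string is still stored in clear text in the running configuration.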

Verify IPsec

Each router holds two ESP SAs, one per direction, and the SPI pair (0x4C5E7C41 and 0xA0291FC9) is identical on both routers, as it must be. show crypto isakmp sa should additionally show the phase 1 SA with the peer in state QM_IDLE.

  • R2
R2# show crypto ipsec sa address
fvrf/address: (none)/10.10.10.1
   protocol: ESP
      spi: 0x4C5E7C41(1281260609)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2001, flow_id: SW:1, crypto map: Tunnel1-head-0
        sa timing: remaining key lifetime (k/sec): (4521237/1934)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

fvrf/address: (none)/20.20.20.1
   protocol: ESP
      spi: 0xA0291FC9(2687049673)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2002, flow_id: SW:2, crypto map: Tunnel1-head-0
        sa timing: remaining key lifetime (k/sec): (4521237/1934)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE
  • R3
R3# show crypto ipsec sa address
fvrf/address: (none)/20.20.20.1
   protocol: ESP
      spi: 0xA0291FC9(2687049673)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2001, flow_id: SW:1, crypto map: Tunnel1-head-0
        sa timing: remaining key lifetime (k/sec): (4428427/2000)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

fvrf/address: (none)/10.10.10.1
   protocol: ESP
      spi: 0x4C5E7C41(1281260609)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2002, flow_id: SW:2, crypto map: Tunnel1-head-0
        sa timing: remaining key lifetime (k/sec): (4428427/2000)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE
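Reading the two outputs above side by side, the thing to confirm is that every SPI installed on R2 is also installed on R3, that all of them are ACTIVE, and that the negotiated transform is the one that was configured. The following Python script is an added example, not part of the original lab write-up: it embeds the R2 and R3 output above as constructed strings (trimmed to the lines it parses), turns each SA entry into a record, and cross-checks the two tables the way a quick glance at Status: ACTIVE does not.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class IpsecSa:
    peer: str          # address the SA is listed under
    spi: int
    transform: str
    status: str
    lifetime_kb: int   # remaining key lifetime, kilobytes
    lifetime_sec: int  # remaining key lifetime, seconds


def parse_ipsec_sa(text):
    """Turn 'show crypto ipsec sa address' output into one IpsecSa per SPI."""
    sas, peer, cur = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"fvrf/address: \S+/(\S+)", line):
            peer = m.group(1)                   # heading shared by the SAs under it
        elif m := re.match(r"spi: 0x([0-9A-Fa-f]+)", line):
            cur = {"spi": int(m.group(1), 16)}  # each SA entry starts at its SPI
        elif m := re.match(r"transform: (.+?)\s*,", line):
            cur["transform"] = m.group(1)
        elif m := re.match(r"sa timing: .*\((\d+)/(\d+)\)", line):
            cur["lifetime_kb"], cur["lifetime_sec"] = int(m.group(1)), int(m.group(2))
        elif m := re.match(r"Status: (\S+)", line):
            sas.append(IpsecSa(peer=peer, status=m.group(1), **cur))
            cur = {}
    return sas


def check_sa_pair(local_text, remote_text, expected_transform):
    """Problems found when both peers' SA tables are compared; [] means healthy."""
    local, remote = parse_ipsec_sa(local_text), parse_ipsec_sa(remote_text)
    lspi, rspi = {sa.spi for sa in local}, {sa.spi for sa in remote}
    problems = []
    if lspi != rspi:
        problems.append("spi-mismatch")        # a stale or half-built SA on one side
    if len(lspi) < 2:
        problems.append("missing-direction")   # need one inbound and one outbound SA
    for sa in local + remote:
        if sa.status != "ACTIVE":
            problems.append(f"inactive:{sa.spi:#x}")
        if sa.transform != expected_transform:
            problems.append(f"transform:{sa.transform}")
    return problems


# Constructed input: the R2 and R3 output from this lab, trimmed to the lines
# the parser reads (the conn id, IV size and replay lines are dropped).
R2_SHOW = """
fvrf/address: (none)/10.10.10.1
   protocol: ESP
      spi: 0x4C5E7C41(1281260609)
        transform: esp-aes esp-sha-hmac ,
        sa timing: remaining key lifetime (k/sec): (4521237/1934)
        Status: ACTIVE

fvrf/address: (none)/20.20.20.1
   protocol: ESP
      spi: 0xA0291FC9(2687049673)
        transform: esp-aes esp-sha-hmac ,
        sa timing: remaining key lifetime (k/sec): (4521237/1934)
        Status: ACTIVE
"""
R3_SHOW = """
fvrf/address: (none)/20.20.20.1
   protocol: ESP
      spi: 0xA0291FC9(2687049673)
        transform: esp-aes esp-sha-hmac ,
        sa timing: remaining key lifetime (k/sec): (4428427/2000)
        Status: ACTIVE

fvrf/address: (none)/10.10.10.1
   protocol: ESP
      spi: 0x4C5E7C41(1281260609)
        transform: esp-aes esp-sha-hmac ,
        sa timing: remaining key lifetime (k/sec): (4428427/2000)
        Status: ACTIVE
"""


def verify_lab():
    """The transform set configured in this lab is esp-aes esp-sha-hmac (AES-128)."""
    return check_sa_pair(R2_SHOW, R3_SHOW, "esp-aes esp-sha-hmac")


if __name__ == "__main__":
    print(verify_lab() or "both peers hold the same two ACTIVE ESP SAs")
```

Passing "esp-aes 256 esp-sha-hmac" as the expected transform makes the check fail on all four SAs, which is the quickest way to see that the configured esp-aes negotiated AES-128 and not the AES-256 the IKE policy uses.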

Verify Routing Table

  • R2
R2# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D    20.0.0.0/8 [90/30720] via 10.10.10.2, 01:06:19, FastEthernet0/0
C    192.168.10.0/24 is directly connected, FastEthernet0/1
     172.1.0.0/24 is subnetted, 1 subnets
C       172.1.1.0 is directly connected, Tunnel1
S    192.168.20.0/24 [1/0] via 172.1.1.2
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
  • R3
R3# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/24 is subnetted, 1 subnets
C       20.20.20.0 is directly connected, FastEthernet0/0
S    192.168.10.0/24 [1/0] via 172.1.1.1
     172.1.0.0/24 is subnetted, 1 subnets
C       172.1.1.0 is directly connected, Tunnel1
C    192.168.20.0/24 is directly connected, FastEthernet0/1
D    10.0.0.0/8 [90/30720] via 20.20.20.2, 01:07:19, FastEthernet0/0

Testing

The TTL values are a useful sanity check. A ping to the far tunnel address (172.1.1.x) answers with ttl=254: the reply is generated by the remote router with TTL 255 and decremented once by the local router. A ping to the far LAN host answers with ttl=62: the VPCS host sends TTL 64 and only R2 and R3 decrement it. R1 forwards the ESP packets without ever seeing or decrementing the inner header, which is exactly what the tunnel is supposed to achieve.

  • PC1
PC1> show ip

NAME        : PC1[1]
IP/MASK     : 192.168.10.2/24
GATEWAY     : 192.168.10.1
DNS         :
MAC         : 00:50:79:66:68:00
LPORT       : 10020
RHOST:PORT  : 127.0.0.1:10021
MTU:        : 1500

PC1> ping 172.1.1.2
84 bytes from 172.1.1.2 icmp_seq=1 ttl=254 time=74.987 ms
84 bytes from 172.1.1.2 icmp_seq=2 ttl=254 time=75.027 ms
84 bytes from 172.1.1.2 icmp_seq=3 ttl=254 time=75.042 ms
84 bytes from 172.1.1.2 icmp_seq=4 ttl=254 time=75.177 ms
84 bytes from 172.1.1.2 icmp_seq=5 ttl=254 time=74.975 ms

PC1> ping 192.168.20.2
84 bytes from 192.168.20.2 icmp_seq=1 ttl=62 time=89.872 ms
84 bytes from 192.168.20.2 icmp_seq=2 ttl=62 time=89.896 ms
84 bytes from 192.168.20.2 icmp_seq=3 ttl=62 time=90.087 ms
84 bytes from 192.168.20.2 icmp_seq=4 ttl=62 time=90.578 ms
84 bytes from 192.168.20.2 icmp_seq=5 ttl=62 time=89.971 ms
  • PC2
PC2> show ip

NAME        : PC2[1]
IP/MASK     : 192.168.20.2/24
GATEWAY     : 192.168.20.1
DNS         :
MAC         : 00:50:79:66:68:01
LPORT       : 10022
RHOST:PORT  : 127.0.0.1:10023
MTU:        : 1500

PC2> ping 172.1.1.1
84 bytes from 172.1.1.1 icmp_seq=1 ttl=254 time=74.990 ms
84 bytes from 172.1.1.1 icmp_seq=2 ttl=254 time=75.119 ms
84 bytes from 172.1.1.1 icmp_seq=3 ttl=254 time=75.073 ms
84 bytes from 172.1.1.1 icmp_seq=4 ttl=254 time=75.114 ms
84 bytes from 172.1.1.1 icmp_seq=5 ttl=254 time=76.088 ms

PC2> ping 192.168.10.2
84 bytes from 192.168.10.2 icmp_seq=1 ttl=62 time=89.924 ms
84 bytes from 192.168.10.2 icmp_seq=2 ttl=62 time=90.112 ms
84 bytes from 192.168.10.2 icmp_seq=3 ttl=62 time=89.979 ms
84 bytes from 192.168.10.2 icmp_seq=4 ttl=62 time=89.918 ms
84 bytes from 192.168.10.2 icmp_seq=5 ttl=62 time=90.187 ms

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.